Intrusion detection systems (IDSs) can detect attacks on network-hosted systems. For example, an IDS can receive and analyze evidence of attacks by searching digital patterns over network and/or host traffic. Increasing complexity of enterprise information systems (EISs) obliges enterprises to deploy multiple, yet isolated, IDSs in their information technology (IT) boundaries (e.g., network IDS (NIDS), host IDS (HIDS), application-level IDS (appIDS).
Modern exploits are disguisable and can appear to be innocent from an individual IDS perspective. However, maliciousness of a disguised exploit could be detected from an end-to-end application-level perspective. One of the core problems in this regard is the inability of detecting such end-to-end targeted attacks, whose functional scopes may stretch beyond business and IT boundaries.